I need to run Ansible through two bastions to update nodes so I’ve set up the following ~/.ssh/config
    Host gateway
        HostName gateway.mycorp.com
        Port 55522
        User ci
        IdentityFile ~/.ssh/id_rsa
        ServerAliveInterval 20
        ServerAliveCountMax 30

    Host 10.0.0.*
        User ubuntu
        ProxyCommand ssh gateway -t ssh -t staging nc %h %p
So I can then SSH 10.0.0.x and it will open a connection correctly and I can run “ansible -i ~/staging.py all -m ping” and that will also work. We use the same initial bastion but a separate second level bastion for production so I need to find a way of choosing the correct setup to use.
The problem is that the staging and production nodes both use 10.0.0.x addresses so I can’t use wildcards. To get around the problem I thought of using separate Ansible config files to point at separate SSH config files but if I specify this;
    [ssh_connection]
    ssh_args = "-F /path/to/staging_config"
Then the process fails with the following error;
"<10.0.0.50> ESTABLISH CONNECTION FOR USER: xxx
<10.0.0.50> REMOTE_MODULE ping
<10.0.0.50> EXEC ['ssh', '-C', '-tt', '-vvv', '-F /path/to/staging_config', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', u'10.0.0.50', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1403087780.31-158917582403908 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1403087780.31-158917582403908 && echo $HOME/.ansible/tmp/ansible-tmp-1403087780.31-158917582403908'"]
10.0.0.50 | FAILED => SSH encountered an unknown error. The output was:
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
Can't open user config file /hudson/.ssh/staging_config: No such file or directory"
So my workaround doesn’t work because SSH isn’t finding the file but it works with the same user outside of Ansible.
Can anyone see where it might be failing or can anyone suggest a better solution to the problem?
tia,
Graham
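
An added diagnostic, not part of the original post and not Ansible's own code: it reads an ansible.cfg, splits ssh_args into argv elements, and flags any option that ended up fused with its value in one element, as '-F /path/to/staging_config' is in the EXEC line of the post. It assumes the value is split with shell-style quoting rules, which matches that EXEC line; the function names are hypothetical and the sample config is constructed from the post.

```python
import configparser
import shlex

# Constructed sample: the [ssh_connection] section as quoted in the post.
SAMPLE_CFG = '''
[ssh_connection]
ssh_args = "-F /path/to/staging_config"
'''


def ssh_args_tokens(cfg_text):
    """Split the ssh_args value into argv elements.

    Assumption: shell-style quoting rules (shlex) apply to the value.
    """
    parser = configparser.ConfigParser(interpolation=None)  # keep %h, %p literal
    parser.read_string(cfg_text)
    raw = parser.get("ssh_connection", "ssh_args", fallback="")
    return shlex.split(raw)


def fused_options(tokens):
    """Return tokens where an option and its value share one argv element."""
    return [t for t in tokens if t.startswith("-") and any(c.isspace() for c in t)]


def lint_ssh_args(cfg_text):
    """Return (tokens, fused, suggested) for the ssh_args value in cfg_text."""
    tokens = ssh_args_tokens(cfg_text)
    fused = fused_options(tokens)
    suggested = []
    for t in tokens:
        # Split a fused token back into option and value; keep others as-is.
        suggested.extend(t.split(None, 1) if t in fused else [t])
    return tokens, fused, suggested


if __name__ == "__main__":
    tokens, fused, suggested = lint_ssh_args(SAMPLE_CFG)
    print("argv elements:", tokens)
    print("fused option/value:", fused)
    print("suggested argv:", suggested)
```
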